Adaptive threat management through the integration of IDS into Software Defined Networks

For many years network operators have struggled to maintain fragile, statically configured and extremely complex networks. The constant threat of viruses, malware, intruders and misconfigured devices has made the task even more difficult. The use of an Intrusion Detection System (IDS) has become a standard defense model in many networks, but IDS deployments are expensive and difficult to maintain, and they further complicate the network. This paper introduces a novel approach that integrates a distributed Intrusion Detection System into a Software Defined Network (SDN) and, in doing so, provides a more scalable security and threat management solution. The core mechanisms that enable an SDN to provide an IDS function have been implemented and their performance evaluated. The viability of this approach was assessed, and it was found to be an effective alternative to the current IDS deployment model.
